1.2 The purpose of the Policy is to set out the principle, method of processing and use of data and information from users of the Website, and includes information on the rights of individuals in relation to the personal data they provide.
- Principles of personal data protection
The Institute is the administrator of personal data provided by users on the website www.nimit.org.pl. The Institute takes special care to ensure that all personal data is processed in accordance with the purpose for which it was collected and used in accordance with the scope of the authorisations (consents) granted and the areas of processing permitted by law.
- The purpose of processing personal data
3.1 Any person providing personal data to the Institute through the forms on the website shall be informed of the specific purpose for which the data are processed and the legal basis for the processing.
3.2 The Institute shall use personal data only for the purposes indicated. In particular:
(a) when agreeing to receive the newsletter,
- b) when applying for a job position within the recruitment organised by the Institute,
- c) when concluding and implementing a contract with the Institute,
- d) when receiving information on the Institute’s activities,
- e) when participating in competitions organised by the Institute.
3.4 The personal data you provide will be processed on the basis of your consent until you withdraw it or the purpose for which the data was collected ceases to exist. Granted consent may be withdrawn at any time without affecting the legality of processing, which was performed on the basis of consent before its withdrawal.
The data processed in connection with concluding and performing the agreement will be processed in accordance with the regulations in force, however, no longer than until the expiry of the period in which the Institute can pursue claims related to the concluded agreement, unless a longer period results from the Accounting Act.
4 Security and storage of information
4.1 The Institute shall ensure the security of personal data by means of appropriate technical and organisational measures to prevent unlawful processing and accidental loss, destruction and damage to data.
4.2 The Institute takes great care to ensure that personal information is:
lawful, reliable and transparent,
collected for specified and legitimate purposes and not further processed in a way incompatible with those purposes
adequate, relevant and limited to what is necessary for the purposes for which it is processed;
accurate and, where necessary, kept up to date;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed;
processed in a way which ensures appropriate security of personal data;
in such a way that the rights of the data subject are ensured;
not transferred without adequate protection to countries outside the European Economic Area or to international organisations.
- Data collection
5.1 When collecting any personal data, the Institute records where it was first obtained.
5.2 Personal data is obtained by means of:
online forms – information is collected through various forms available on the website for contact purposes, questions, comments;
offline contact – the Institute’s website provides various telephone and fax numbers and e-mail addresses where we can be contacted;
Traffic data and statistics on the frequency of hits on the Institute’s websites – a log is kept of information on traffic data that is automatically recorded by our server, such as the user’s IP address, the URLs visited before visiting our site, the URLs visited after visiting our site, and the pages visited. Statistics are also collected on the number of hits and page views. The Institute is unable to identify the user directly from the traffic data and usage statistics.
- User rights
6.1 The Institute shall respect each person’s rights in relation to the processing of their personal data. In particular, every person whose data is processed shall have the right to:
- be informed about the processing of his or her personal data,
- access, rectify, complete and amend the data,
- erasure of data (‘right to be forgotten’),
- have the processing restricted,
- data portability
- object to the processing of his/her data for the legitimate purposes of the Institute as data administrator, including direct marketing of its products and services as well as profiling, and the right not to be subject to a decision which is based solely on automated processing.
6.2. The Institute stipulates that where a person cannot be absolutely identified, for example in relation to the extent of the data provided, it may refuse to act on the request of the data subject by informing the data subject, unless the data subject provides additional information to identify him/her..
6.3 The Institute informs you that it is not obliged to erase data (“right to be forgotten”) where the processing is necessary:
- to exercise the rights and freedoms of expression and information,
- to comply with a legal obligation to process under EU or Polish law, or to carry out a task in the public interest,
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes,
- for the establishment, exercise or defence of claims.
6.5 If the User objects to further processing for marketing purposes, profiling or to the transfer of personal data to another data administrator, the objection shall be upheld. However, the data administrator may only leave the data identifying the natural person in the file in order to avoid the data of the natural person being used again for the purposes covered by the objection.
6.6 The user may exercise the right to information and access to the data not more frequently than once every 6 months. At the request of the data subject, the data administrator is obliged, within 30 days, to provide the necessary information.
6.7 To exercise any of the above rights of individuals, please contact us directly by sending an email to: email@example.com or by post to the Institute.
- The scope of sharing data about users
The Institute declares that it does not sell or lend users’ personal data collected for processing to other persons or institutions, unless it is done with the express consent or at the request of the user, or at the request of state authorities authorized by law for the purposes of proceedings conducted by them or for activities connected with security or defence, for legally defined tasks carried out for the public good, when it is necessary to fulfil the legally justified purposes of the Institute.
- Data Protection Inspector
Please be informed that the Institute has appointed a Data Protection Officer (DPO), who has been notified to the register kept by the Office for the Protection of Personal Data. The DPO can be contacted via e-mail: firstname.lastname@example.org
- Right to lodge a complaint